Latest Apple Vulnerabilities

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme.
Mozilla Firefox=123
Apple iOS
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar.
Mozilla Firefox=123
Apple iOS
Security Vulnerabilities fixed in Firefox for iOS 123
Mozilla Firefox=123
Apple iOS
Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page.
Mozilla Firefox=123
Apple iOS
Improper validation of update packages
Snowsoftware Snow Inventory Agent<6.7.2
Snowsoftware Snow Inventory Agent>=6.14.0<6.14.5
Snowsoftware Snow Inventory Agent=6.12.0
Apple macOS
Linux Linux kernel
Microsoft Windows
Miro Desktop 0.8.18 on macOS allows Electron code injection.
Miro Miro=0.8.18
Apple macOS
About the security content of visionOS 1.0.2
Apple visionOS<1.0.2
An issue in Notion for macOS version 3.1.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.
<=3.1.0
An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
Discord Discord<=0.0.291
Apple macOS
An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
Postman Postman<10.22
Apple macOS
About the security content of iOS 17.3 and iPadOS 17.3
Apple iOS<17.3
Apple iPadOS<17.3
About the security content of watchOS 10.3
Apple watchOS<10.3
About the security content of iOS 15.8.1 and iPadOS 15.8.1
Apple iOS<15.8.1
Apple iPadOS<15.8.1
Mail Search. This issue was addressed with improved redaction of sensitive information.
Apple macOS Ventura<13.6.4
Apple macOS Monterey<12.7.3
Apple watchOS<10.3
Apple iOS<17.3
Apple iPadOS<17.3
Apple macOS Sonoma<14.3
and 6 more
Reset Services. The issue was addressed with improved authentication.
Apple iOS<17.3
Apple iPadOS<17.3
Apple iPadOS<17.3
Apple iPhone OS<17.3
Apple Multiple Products Type Confusion Vulnerability
Apple Multiple Products
Apple macOS Ventura<13.6.4
Apple macOS Monterey<12.7.3
Apple iOS<16.7.5
Apple iPadOS<16.7.5
Apple tvOS<17.3
and 23 more
An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3....
Apple iOS<16.7.5
Apple iPadOS<16.7.5
Apple watchOS<10.3
Apple tvOS<17.3
Apple iOS<17.3
Apple iPadOS<17.3
and 15 more
About the security content of macOS Sonoma 14.3
Apple macOS Sonoma<14.3
About the security content of iOS 16.7.5 and iPadOS 16.7.5
Apple iOS<16.7.5
Apple iPadOS<16.7.5
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processin...
Apple iOS<16.7.5
Apple iPadOS<16.7.5
Apple tvOS<17.3
Apple watchOS<10.3
Apple iOS<17.3
Apple iPadOS<17.3
and 15 more
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A...
Apple iOS<16.7.5
Apple iPadOS<16.7.5
Apple watchOS<10.3
Apple iOS<17.3
Apple iPadOS<17.3
Apple macOS Sonoma<14.3
and 8 more
Apple Neural Engine. The issue was addressed with improved memory handling.
Apple macOS Monterey<12.7.3
Apple macOS Ventura<13.6.4
Apple iOS<16.7.5
Apple iPadOS<16.7.5
Apple watchOS<10.3
Apple tvOS<17.3
and 12 more
A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPa...
Apple watchOS<10.3
Apple tvOS<17.3
Apple iOS<17.3
Apple iPadOS<17.3
Apple macOS Sonoma<14.3
Apple iPadOS<17.3
and 4 more
About the security content of tvOS 17.3
Apple tvOS<17.3
About the security content of macOS Ventura 13.6.4
Apple macOS Ventura<13.6.4
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access user-sensiti...
Apple tvOS<17.3
Apple watchOS<10.3
Apple iOS<17.3
Apple iPadOS<17.3
Apple macOS Sonoma<14.3
Apple iPadOS<17.3
and 4 more
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3. Processing maliciously...
Apple iOS<16.7.5
Apple iPadOS<16.7.5
Apple iOS<17.3
Apple iPadOS<17.3
Apple macOS Sonoma<14.3
Apple iPadOS>16.0<16.7.5
and 4 more
About the security content of macOS Monterey 12.7.3
Apple macOS Monterey<12.7.3
LLVM. The issue was addressed with improved memory handling.
Apple macOS Sonoma<14.3
Apple macOS<14.3
Shortcuts. The issue was addressed with additional permissions checks.
Apple watchOS<10.3
Apple iOS<17.3
Apple iPadOS<17.3
Apple macOS Sonoma<14.3
Apple iPadOS>17.0<17.3
Apple iPhone OS>17.0<17.3
and 2 more
Kernel. The issue was addressed with improved memory handling.
Apple tvOS<17.3
Apple watchOS<10.3
Apple iOS<17.3
Apple iPadOS<17.3
Apple macOS Sonoma<14.3
Apple iPadOS<17.3
and 4 more
Finder. The issue was addressed with improved checks.
Apple macOS Ventura<13.6.4
Apple macOS Sonoma<14.3
Apple macOS>=13.0<13.6.4
Apple macOS>=14.0<14.3
About the security content of Safari 17.3
Apple Safari<17.3
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy ...
Apple watchOS<10.3
Apple iOS<17.3
Apple iPadOS<17.3
Apple macOS Sonoma<14.3
Apple iPadOS<17.3
Apple iPhone OS<17.3
and 2 more
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a use...
Apple tvOS<17.3
Apple watchOS<10.3
Apple iOS<17.3
Apple iPadOS<17.3
Apple macOS Sonoma<14.3
Apple iPadOS<17.3
and 4 more
A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user ...
Apple tvOS<17.3
Apple watchOS<10.3
Apple iOS<17.3
Apple iPadOS<17.3
Apple macOS Sonoma<14.3
Apple iPadOS<17.3
and 4 more
Shortcuts. The issue was addressed with additional permissions checks.
Apple iOS<17.3
Apple iPadOS<17.3
Apple macOS Sonoma<14.3
Apple iPadOS>17.0<17.3
Apple iPhone OS>17.0<17.3
Apple macOS<14.3
Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636.
Studionetworksolutions Sharebrowser<7.0
Apple macOS
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.
HYPR Workforce Access<8.7
Apple macOS
GPU kernel implementations susceptible to memory leak
Apple GPU drivers
Qualcomm GPU drivers
AMD GPU drivers
Imagination GPU drivers
Apple GPU drivers<=3.0.11
Apple GPU drivers<=1.3.224
and 259 more
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerabilit...
Adobe Substance 3D Stager<=2.1.3
Apple macOS
Microsoft Windows
A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its...
Apple Magic Keyboard Firmware Update<2.0.6
Apple Magic Keyboard Firmware Update<2.0.6
Apple Magic Keyboard Firmware Update
About the security content of Magic Keyboard Firmware Update 2.0.6
Apple Magic Keyboard Firmware Update<2.0.6
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information v...
Heimdalsecurity Thor<3.7.0
Microsoft Windows
Heimdalsecurity Thor<=2.6.9
Apple macOS
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlat...
Heimdalsecurity Thor<=3.5.3
Microsoft Windows
Heimdalsecurity Thor<=2.6.9
Apple macOS

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203